Has anyone gone through integrating Solr with Keycloak? I’m trying to figure out how to map the Keycloak response back to what Solr needs to figure out the user.
Here is my security.json: https://github.com/querqy/chorus/blob/75f153b699855e6e2862900bd4413764f7b6a01e/solr/security.json <https://github.com/querqy/chorus/blob/75f153b699855e6e2862900bd4413764f7b6a01e/solr/security.json> And what I am getting back: 2021-11-02 21:03:27.805 INFO (qtp332699949-17) [] o.a.s.s.RuleBasedAuthorizationPluginBase This resource is configured to have a permission { "name":"all", "role":"admin"}, The principal JWTPrincipalWithUserRoles{username='4a3d078b-418a-48fc-a26b-80d51f973084', token='*****', claims={exp=1635887907, iat=1635887007, auth_time=1635887007, jti=cdab53d1-3dc2-4a7a-a98b-83b9b19257e6, iss=http://keycloak:9080/auth/realms/chorus, aud=account, sub=4a3d078b-418a-48fc-a26b-80d51f973084, typ=Bearer, azp=solr, nonce=tawciobxw3parxd0kyjw2p7r8sszymvdx, session_state=57f6aea7-f243-4fa3-a6e1-6e83926e65af, acr=1, allowed-origins=[http://localhost:8983], realm_access={roles=[offline_access, uma_authorization, default-roles-chorus]}, resource_access={account={roles=[manage-account, manage-account-links, view-profile]}}, scope=openid email profile, email_verified=false, name=bob dole, preferred_username=b...@dole.com, given_name=bob, family_name=dole, email=b...@dole.com}, roles=[profile, email]} does not have the right role _______________________ Eric Pugh | Founder & CEO | OpenSource Connections, LLC | 434.466.1467 | http://www.opensourceconnections.com <http://www.opensourceconnections.com/> | My Free/Busy <http://tinyurl.com/eric-cal> Co-Author: Apache Solr Enterprise Search Server, 3rd Ed <https://www.packtpub.com/big-data-and-business-intelligence/apache-solr-enterprise-search-server-third-edition-raw> This e-mail and all contents, including attachments, is considered to be Company Confidential unless explicitly stated otherwise, regardless of whether attachments are marked as such.
